The branch main has been updated by glebius:
URL:
https://cgit.FreeBSD.org/src/commit/?id=cdacb12065e4d85416655743da5bc6b17a9d9119
commit cdacb12065e4d85416655743da5bc6b17a9d9119
Author: Gleb Smirnoff <gleb...@freebsd.org>
AuthorDate: 2025-01-29 23:40:56 +0000
Commit: Gleb Smirnoff <gleb...@freebsd.org>
CommitDate: 2025-01-29 23:48:55 +0000
netlink/route: validate family attribute
PR: 283818
---
sys/netlink/route/rt.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sys/netlink/route/rt.c b/sys/netlink/route/rt.c
index 9750ad9d0649..30dab2b0d8cf 100644
--- a/sys/netlink/route/rt.c
+++ b/sys/netlink/route/rt.c
@@ -955,7 +955,7 @@ rtnl_handle_newroute(struct nlmsghdr *hdr, struct nlpcb
*nlp,
/* pre-2.6.19 Linux API compatibility */
if (attrs.rtm_table > 0 && attrs.rta_table == 0)
attrs.rta_table = attrs.rtm_table;
- if (attrs.rta_table >= V_rt_numfibs) {
+ if (attrs.rta_table >= V_rt_numfibs || attrs.rtm_family > AF_MAX) {
NLMSG_REPORT_ERR_MSG(npt, "invalid fib");
return (EINVAL);
}
@@ -1018,7 +1018,7 @@ rtnl_handle_delroute(struct nlmsghdr *hdr, struct nlpcb
*nlp,
return (ESRCH);
}
- if (attrs.rta_table >= V_rt_numfibs) {
+ if (attrs.rta_table >= V_rt_numfibs || attrs.rtm_family > AF_MAX) {
NLMSG_REPORT_ERR_MSG(npt, "invalid fib");
return (EINVAL);
}
@@ -1041,7 +1041,7 @@ rtnl_handle_getroute(struct nlmsghdr *hdr, struct nlpcb
*nlp, struct nl_pstate *
if (error != 0)
return (error);
- if (attrs.rta_table >= V_rt_numfibs) {
+ if (attrs.rta_table >= V_rt_numfibs || attrs.rtm_family > AF_MAX) {
NLMSG_REPORT_ERR_MSG(npt, "invalid fib");
return (EINVAL);
}
